'Geinimi' Trojan taking down Android devices in Asia

Lookout Mobile Security has reported this week that a new Android-based Trojan Horse dubbed "Geinimi" has been taking down Android devices in China over the past month.

So far, there have been no reported cases in Europe or the Americas, as the malware-infected apps have only been seen on Chinese mobile app websites.



Says the security firm:
A new Trojan affecting Android devices has recently emerged in China. Dubbed “Geinimi” based on its first known incarnation, this Trojan can compromise a significant amount of personal data on a user’s phone and send it to remote servers. The most sophisticated Android malware we’ve seen to date, Geinimi is also the first Android malware in the wild that displays botnet-like capabilities. Once the malware is installed on a user’s phone, it has the potential to receive commands from a remote server that allow the owner of that server to control the phone.

Geinimi is effectively being “grafted” onto repackaged versions of legitimate applications, primarily games, and distributed in third-party Chinese Android app markets. The affected applications request extensive permissions over and above the set that is requested by their legitimate original versions. Though the intent of this Trojan isn’t entirely clear, the possibilities for intent range from a malicious ad-network to an attempt to create an Android botnet.


If the phone is infected, "it has the potential to receive commands from a remote server that allow the owner of that server to control the phone," says Lookout. "Though the intent of this Trojan isn't entirely clear, the possibilities range from setting up a malicious mobile ad network to creating an Android botnet."

A couple of the games tainted with the Trojan are Monkey Jump 2, Sex Positions, President vs. Aliens, City Defense and Baseball Superstars 2010.

The company makes it clear that any apps coming directly from the Google Android Market are safe.
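
Lookout's observation that the repackaged apps request permissions "over and above" those of the legitimate originals can be turned into a simple check. The following is an added example, not code from Lookout or from this article. It assumes both manifests have already been decoded to text XML, and the package name, permission lists and the `SENSITIVE` selection are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Namespace Android uses for android:* attributes in AndroidManifest.xml.
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Illustrative (assumed) set of permissions that expose personal data or paid actions.
SENSITIVE = {
    "android.permission.READ_SMS", "android.permission.SEND_SMS",
    "android.permission.READ_CONTACTS", "android.permission.READ_PHONE_STATE",
    "android.permission.ACCESS_FINE_LOCATION", "android.permission.CALL_PHONE",
    "android.permission.INTERNET",
}

def permissions(manifest_xml):
    """Return the set of permission names declared via <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    names = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    return names - {None}  # ignore malformed entries without android:name

def compare(original_xml, candidate_xml):
    """Diff a candidate build's permissions against the known-good original."""
    added = permissions(candidate_xml) - permissions(original_xml)
    same_pkg = (ET.fromstring(original_xml).get("package")
                == ET.fromstring(candidate_xml).get("package"))
    return {
        "same_package": same_pkg,
        "added": sorted(added),
        "sensitive_added": sorted(added & SENSITIVE),
        # A repackaged copy that gains data-access permissions deserves review.
        "suspicious": bool(added & SENSITIVE),
    }

def _manifest(perms):
    """Build a constructed sample manifest (not taken from any real app)."""
    body = "".join(f'<uses-permission android:name="{p}"/>' for p in perms)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="com.example.game">{body}<application/></manifest>')

# Constructed sample input: an original game and a third-party-market copy.
ORIGINAL = _manifest(["android.permission.INTERNET", "android.permission.VIBRATE"])
REPACKAGED = _manifest(["android.permission.INTERNET", "android.permission.VIBRATE",
                        "android.permission.READ_SMS", "android.permission.SEND_SMS",
                        "android.permission.READ_CONTACTS", "android.permission.WAKE_LOCK"])

if __name__ == "__main__":
    print(compare(ORIGINAL, REPACKAGED))
```
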

Written by: Andre Yoskowitz @ 30 Dec 2010 22:34
  • 12 comments
  • ivymike

    The Chinese Gov't must've come up with this one....

    30.12.2010 22:46 #1

  • elbald90

    hmmm is this an attempt at keeping everyone buying apps from the official sources rather than file sharing?

    31.12.2010 04:52 #2

  • plazma247

    @ ivymike, I'm pretty sure it's not the Chinese Gov mate, it's far more likely to be a western nation.

    Don't forget the virus in Iran, that specifically went after the motors of the enrichers.

    And the recent probably corporate payback on the anonymous group.

    As there is no digital version of the Geneva convention, I think we have only just seen the start of Governments and large corps using tech and the internet in more subversive and questionable ways as they wake up to their potential...

    ... this is exactly the same as the nuclear arms race, one country starts (did way back) and they all have to follow to keep up until a level of MAD is achieved and then it goes one of two ways...

    FYI MAD = (mutually assured destruction)

    31.12.2010 05:27 #3

  • KillerBug

    It isn't a virus...it is a trojan. You have to manually install it. We are not talking about an attack here.

    31.12.2010 06:14 #4

  • plazma247

    Originally posted by KillerBug: It isn't a virus...it is a trojan. You have to manually install it. We are not talking about an attack here.

    Actually killer if we are going to be pedantic, a trojan is a virus, is the type of, for example:

    Worm
    Trojan
    Root Kit
    Back Door
    ETC..

    PS I believe the free lookout mobile security for droid detects it :)

    31.12.2010 06:25 #5

  • xyqo

    This is why I'll never give up my trusty old blackberry. There's a reason why they're the only government approved smart phones.
    Nothing against Google or the Android community but there's open and there's too open

    XXYYQQOO!!! Yeah WELCOME TO JAMROCK

    31.12.2010 08:45 #6

  • plazma247

    Originally posted by xyqo: This is why I'll never give up my trusty old blackberry. There's a reason why they're the only government approved smart phones.
    Nothing against Google or the Android community but there's open and there's too open

    There is open, too open and then having a pretty good system and turning it off, opening the door and inviting everyone inside, really as the only android concerns have all been the last one so far.

    If people will change the option to allow apps from unknown sources, then knowingly download warez and hooky apps from untrusted locations and then end up with a virus as a result... who's to blame... only the user.

    And dude, I don't think black berries are the only phone the governments use... ever heard of FIPS, see Link Here

    Seriously it's not as if viruses were never created for the blackberry platform, from memory bbproxy was just one. There was also the mess in the middle east where the government made the telco install spyware so they could get at users' stuff a year or so before it all blew up places threatening to bar them in their country due to not being able to sniff data due to encrypted transfers.

    This is a good article Link Here.

    And that's not to mention the fact that blackberry do their connect software to support other non rim devices, so they can also use the transport system.

    At the end of the day use pop3 or imap and set it to use cert based secure sockets and where is the difference..... it's always amazed me that rim has kept going this long and always made me laugh that despite the fact every single gprs I've ever owned included a pop3 client. That it wasn't until the days of the iphone that a large majority of crack berry users I talked to started to realise the berry was not the only device that would email...

    31.12.2010 09:04 #7

  • Tristan_2

    Gee....I hate to say this but I think McAfee...they said apple devices and smartphones would be attacked with viruses on the 28th.......look on New Years Eve and it fucking happens HOURS BEFORE 2011 I Think McAfee is doing this this cannot be a coincidence

    31.12.2010 13:27 #8

  • Bozobub

    Or, perhaps, they see the malware samples coming in, with THAT DATE in the code..? Think a little, man.

    1.1.2011 13:01 #9

  • miketrev

    Originally posted by Tristan_2: Gee....I hate to say this but I think McAfee...they said apple devices and smartphones would be attacked with viruses on the 28th.......look on New Years Eve and it fucking happens HOURS BEFORE 2011 I Think McAfee is doing this this cannot be a coincidence

    Paranoid much?



    To get instant assistance with Flashing / JTAG / Homebrew from experts for free! click me (Im not one of the said experts BTW)

    Make poverty history, cheaper drugs NOW!

    2.1.2011 07:39 #10

  • bam431

    This is why I keep my phone in a condom.

    http://www.pirateparty.ca/
    Xbox Live: Rogue Jello - PSN: bam431 - IGN: bam431
    Youtube: electrowaffle - Twitter: bam431
    i5 760, P7P55D-E, Vapor-X HD5770, 8GB DDR3, 1TB HDD,

    2.1.2011 09:34 #11

  • plazma247

    ha :-p it's good that in this day and age to know people still practice safe text.

    2.1.2011 09:35 #12
